As we have all seen in the pandemic, there has been an over 600 per cent increase in phishing attacks on organisations. Phishing and BYOD are two key elements that are directly related to Active Directory penetration. During the pandemic, you will find that most of the attacks have been devised through email carrying the subject line ‘COVID-19’ that immediately draws our attention. Of course, there were other areas as well, like brand impersonation and email compromise. We have allowed employees to use their own device and to access through Teams, but we forgot at that time that employees might also access Teams from their mobile phones. That is a very vulnerable area.
However, as I said, the hybrid mode is here to stay, but starting anything new means increasing risks for the organisation. In our organisation, we have beefed up security measures and increased monitoring and set up a SOC (Security Operations Centre) for constant surveillance.
Cyber security is a hot topic in Bangladesh today, but around 2005, when I started working, it was not important. But after the recent Bangladesh Bank hacking incident, board members have become conscious. In a financial institution, board members usually come from different backgrounds and it becomes difficult to give the ownership of cyber security to non-technical people. It is important to have a board member who will understand the importance of information security. Today the board members in my organisation are more conscious and prepared to take the shock of possible hacking.